Problem with 403-forbidden error

I’m having a problem with the following error:

T000000 AppDynamicsSnapshotEnabled = false
T000000 403 (Forbidden), APPLICATION/JSON, 102 bytes, 95 ms
T000000 *** error: expected HTTP status: 200 <> received: 403 (Forbidden), APPLICATION/JSON, 102 bytes, 95 ms

I’ve been under the impression that it might have something to do with x-csrf token. I created a variable for the value but I’m not sure how to implement properly. Can anyone point me to an example of how to do this?

Hi, you should only have to assign that to a header value, so what you want to do is a rewrite of the header from the request header with the value you extracted from the first x-csrf response you have

The function you want to use in the request header are of your request (accessed via Main Menu) is named “Assign Var to HTTP Header Field Pattern” and allows you to modify most values in there on the fly

If you still cant get it to work you can send me a dropbox link or alike to the the prxdat recording and i can take a look at it and post the answer to the problem here


I sent you a link to a dropbox folder with the .prxdat file. I don’t understand what the 403 error is thus can’t troublehoot.

Barry Lynch
Project Manager
Q2 Information Technology
Direct . . 512.682.1748
Mobile 407.808.1592

Hello Daniel,
I got similar Problem . Could you Guide What Exactly We need to ?

Hi @rmsudhi,

In this case it was just that the X-CSRF token wasnt handled, meaning that cross domain requests fails.

If this is the issue you are having then you should only need to extract the token where it gets assigned and then add it to all requests that fail with 403 error code

Why this happens is that when you have recorded your sessions it is static until post processed in ZebraTester, the X-CSRF token is dynamic and thus the core problem is that an old X-CSRF token is being sent

I have documented relevant info in the new Community